Application No. 10/71 1,731 Docket No. CTX-123 

AMENDMENTS TO THE CLAIMS 

Upon entry of this amendment, the following listing of claims will replace all prior 
versions and listings of claims in the pending application. 

IN THE CLAIMS 

Please amend claim 11, 13, 23 and 30 and add claims 46 and 47 as follows: 

1 . (Original) A method for providing authorized remote access to one or more application 

sessions, the method comprising: 

(a) requesting, by a client node, access to a resource; 

(b) gathering, by a collection agent, information about the client node; 

(c) receiving, by a policy engine, the gathered information; 

(d) making, by a policy engine, an access control decision based on the received information; 

(e) identifying one or more application sessions already associated with the user in response 
to the received information; and 

(f) establishing, by a session server, a connection between a client computer operated by the 
user and the one or more application sessions identified in response to the received 
information. 

2. (Original) The method of claim 1 wherein step (a) further comprises requesting the resource 

over a network connection. 

3. (Original) The method of claim 1 wherein step (b) further comprises gathering the information 

over a network connection. 

4. (Original) The method of claim 1 wherein step (b) further comprises gathering information by 

executing at least one script on the client node. 
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5. (Original) The method of claim 1 wherein step (d) further comprises determining if the 

received information satisfies a condition. 

6. (Original) The method of claim 5 further comprising determining if the received information 

satisfies a condition by comparing the received information to at least one condition. 

7. (Original) The method of claim 6 wherein step (d) further comprises making an access control 

decision by applying a policy to the condition. 

8. (Original) The method of claim 1 wherein a first one of the application sessions is running on 

a first server and a second one of the application sessions is running on a second server. 

9. (Original) The method of claim 1 wherein the step of establishing, by the session server, a 

connection between the client and the one or more application sessions is subject to a rule 
permitting the client computer operated by the user to connect to the one or more application 
sessions. 

10. (Original) The method of claim 1 wherein the connection between the user and the one or 
more application sessions is triggered by the selection of a single user interface element. 

1 1 . (Currently Amended) The method of claim 1 further comprising the step of receiving, by a 
session server, a disconnect request to disconnect the a first application session associated 
with the user and the a second application session associated with the user; 

and disconnecting, by the session server, the first and second application sessions. 

12. (Original) The method of claim 1 1 further comprising updating, by the session server, at least 
one data record associated with the first and second application sessions to indicate that the 
first and second application sessions are disconnected. 



4371854vl 



Application No. 10/71 1,731 Docket No. CTX-123 

13. (Currently Amended) The method of claim 12 further comprising the step of continuing, by 
the session server, execution of one or more applications for at least one of the disconnected 
application sessions. 

14. - 17. (Canceled) 

18. (Original) The method of claim 1 wherein the one or more application sessions was 
connected to a first client computer prior to connection and, after connection, the one or more 
application sessions is reconnected to the first client computer. 

19. (Original) The method of claim 1 wherein the one or more application sessions was 
associated with a first client computer prior to establishing the connection and, after 
establishing the connection, the one or more application sessions is connected to a second 
client computer. 

20. (Original) The method of claim 1 wherein at least one application session is disconnected. 

21. (Original) The method of claim 1 wherein at least one application session is active. 

22. (Original) The method of claim 1 wherein the identifying one or more applications sessions 
is automatic upon receipt of authentication information. 

23. (Currently Amended) The method of claim 1 further comprising the step of providing for 
receiving application output from a one or more previously disconnected application sessions 
associated with the user in response to the transmitted received information. 

24. (Original) The method of claim 23 further comprising disconnecting at least one active 
application session associated with the user in response to the received information. 

25. (Original) The method of claim 23 wherein the one or more active application sessions is 
initially connected to a first client computer and, upon requesting access to the resource, the 
user is operating a second client computer. 
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26. (Original) The method of claim 23, wherein the receipt of application output from the one or 
more active application sessions is subject to a rule permitting the user to have a client 
computer operated by the user connect to the one or more active application sessions. 

27. (Original) The method of claim 23 wherein the receipt of application output from the one or 
more active application sessions and the receipt of application output from the one or more 
disconnected application sessions are triggered by the selection of a single user interface 
element. 

28. (Original) The method of claim 23 wherein the one or more disconnected application 
sessions was connected to a first client computer prior to disconnection and, at connection, 
the one or more disconnected application session is reconnected to the first client computer. 

29. (Original) The method of claim 23 wherein the one or more disconnected application 
sessions was connected to a first client computer prior to disconnection and, at connection, 
the one or more disconnected application session is connected to a second client computer. 

30. (Currently Amended) A system for providing authorized remote access to an application 
session, the policy engine comprising: 

a collection agent gathering information about the client node; and 
a policy engine receiving the gathered information, making an access control 
decision based on the received information, and requesting an enumeration of one or more 
application sessions associated with the client node, the request including the access control 
decision; and 

a session server generating an enumeration of one or more application sessions 
associated with the client node responsive to the access control decision. 

3 1 . (Original) The system of claim 30 wherein the collection agent executes on the client node. 

-5 - 

4371854vl 



Application No. 10/71 1,731 Docket No. CTX-123 

32. (Original) The system of claim 30 wherein the policy engine transmits the collection agent to 
the client node. 

33. (Original) The system of claim 30 wherein the policy engine transmits instructions to the 
collection agent determining the type of information the collection agent gathers. 

34. (Canceled) 

35. (Original) The system of claim 30 wherein a first one of the application sessions is running 
on a first server and a second one of the application sessions is running on a second server. 

36. (Original) The system of claim 30 wherein the session server connects the client node to the 
one or more application sessions. 

37. (Original) The system of claim 36 wherein the connection of the client node to the one or 
more application sessions, is triggered by selection of a single user interface element. 

38. (Original) The system of claim 36 wherein the session server is also configured to receive a 
disconnect request to disconnect the first application session associated with the user and the 
second application session associated with the user and disconnect the first and second 
application sessions in response to the request. 

39. (Original) The system of claim 38 wherein the session server is further configured to update 
at least one data record associated with each of the first and second application sessions to 
indicate that the first and second application sessions are disconnected. 

40. (Cancelled) 

41. (Original) The system of claim 30 wherein the policy engine further comprises stored data 
associated with one or more servers executing application sessions. 
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42. (Original) The system of claim 30 wherein the one or more application sessions was 
connected to a first client computer prior to connection and, after connection, the one or more 
application sessions is reconnected to the first client computer. 

43. (Original) The system of claim 30 wherein the one or more application sessions was 
associated with a first client computer prior to connection and, after connection, the one or 
more application sessions is connected to a second client computer. 

44. (Original) The system of claim 30 wherein at least one of the one or more application 
sessions is disconnected. 

45. (Original) The system of claim 30 wherein at least one of the one or more application 
sessions is active. 

46. (New) The method of claim 1 wherein step (b) further comprises gathering one or more of 
the following information about the client node: a machine identification (ID) of the client 
node, type of an operating system, existence of a patch to the operating system, a Media 
Access Control (MAC) address of a network card, a digital watermark on the client node, a 
membership in an Active Directory, an existence of a virus scanner, an existence of a 
personal firewall, an HTTP header, a browser type, a device type, network connection 
information, and authorization credentials. 

47. (New) The method of claim 1 wherein step (f) further comprises establishing the connection 
between the client computer and the one or more application sessions responsive to the 
policy engine making the access control decision. 
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